You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2021/06/24 16:53:00 UTC
[jira] [Resolved] (NIFI-8523) Update secure ftp processors to allow
restriction of algorithms, ciphers and message authentication codes
[ https://issues.apache.org/jira/browse/NIFI-8523?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann resolved NIFI-8523.
------------------------------------
Fix Version/s: 1.14.0
Resolution: Fixed
> Update secure ftp processors to allow restriction of algorithms, ciphers and message authentication codes
> ---------------------------------------------------------------------------------------------------------
>
> Key: NIFI-8523
> URL: https://issues.apache.org/jira/browse/NIFI-8523
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Affects Versions: 1.13.2
> Reporter: Jon Kessler
> Assignee: Jon Kessler
> Priority: Minor
> Fix For: 1.14.0
>
> Time Spent: 3h
> Remaining Estimate: 0h
>
> The SFTPTransfer class, which is used for SSH communications by the four secure ftp processors (GetSFTP, ListSFTP, PutSFTP, and FetchSFTP), uses a java library called net.schmizz.sshj. This library allows one to restrict what algorithms, ciphers and message authentication codes are used by the ssh client created by that library. However SFTPTransfer is hardcoded to use the DefaultConfig which uses all available options.
> I believe it would be beneficial to expose this as a matter of configuration via PropertyDescriptors so that if an operator chose to they could eliminate options that did not fit within their desired security posture.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)